From 023e6b4f04cd1395b77ad1d4a88b6cb166633965 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 15 May 2019 08:04:08 +0200
Subject: [PATCH] libcli:auth: Use GnuTLS MD5 in
 decode_wkssvc_join_password_buffer()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 libcli/auth/smbencrypt.c | 47 ++++++++++++++++++++++++++++++----------
 1 file changed, 36 insertions(+), 11 deletions(-)

diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index 958c011caa0..54a0ad8a424 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -961,9 +961,12 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 					  DATA_BLOB *session_key,
 					  char **pwd)
 {
+	gnutls_hash_hd_t hash_hnd = NULL;
 	uint8_t buffer[516];
-	MD5_CTX ctx;
 	size_t pwd_len;
+	WERROR result;
+	bool ok;
+	int rc;
 
 	DATA_BLOB confounded_session_key;
 
@@ -986,20 +989,42 @@ WERROR decode_wkssvc_join_password_buffer(TALLOC_CTX *mem_ctx,
 	memcpy(&confounder, &pwd_buf->data[0], confounder_len);
 	memcpy(&buffer, &pwd_buf->data[8], 516);
 
-	MD5Init(&ctx);
-	MD5Update(&ctx, session_key->data, session_key->length);
-	MD5Update(&ctx, confounder, confounder_len);
-	MD5Final(confounded_session_key.data, &ctx);
+	rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+	if (rc < 0) {
+		result = WERR_NOT_ENOUGH_MEMORY;
+		goto out;
+	}
+
+	rc = gnutls_hash(hash_hnd, session_key->data, session_key->length);
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		result = WERR_INTERNAL_ERROR;
+		goto out;
+	}
+	rc = gnutls_hash(hash_hnd, confounder, confounder_len);
+	if (rc < 0) {
+		gnutls_hash_deinit(hash_hnd, NULL);
+		result = WERR_INTERNAL_ERROR;
+		goto out;
+	}
+	gnutls_hash_deinit(hash_hnd, confounded_session_key.data);
 
 	arcfour_crypt_blob(buffer, 516, &confounded_session_key);
 
-	if (!decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, CH_UTF16)) {
-		data_blob_free(&confounded_session_key);
-		return WERR_INVALID_PASSWORD;
-	}
+	ok = decode_pw_buffer(mem_ctx, buffer, pwd, &pwd_len, CH_UTF16);
+
+	ZERO_ARRAY(confounder);
+	ZERO_ARRAY(buffer);
 
-	data_blob_free(&confounded_session_key);
+	data_blob_clear_free(&confounded_session_key);
 
-	return WERR_OK;
+	if (!ok) {
+		result = WERR_INVALID_PASSWORD;
+		goto out;
+	}
+
+	result = WERR_OK;
+out:
+	return result;
 }
 
-- 
2.34.1